Monday, June 12, 2006
What Access Rights Do You Have?
Yesterday, I was reading a post on Mark's Sysinternals Blog: The Power in Power Users. It says "a user that belongs to the Power Users group can easily elevate themselves to fully-privileged administrators". He used a tool called AccessChk to find out what access rights the "Power Users" group has.
If you have read my series of posts on access control lists in Monad, you will know that we can get and set access rules in PowerShell directly, without using extra tools. So I wrote a PowerShell script (Check-AccessRights.ps1) that does a similar job to AccessChk. It is pretty dirty, but does the job. You may want to try:
D:\ps1\Check-AccessRights.ps1 .\
# Check your access rights on current path (could be filesystem or registry)

or

D:\ps1\Check-AccessRights.ps1 HKLM:\system\CurrentControlSet\Services $true "Power Users"
# HKLM:\system\CurrentControlSet\Services is Path to check
# $true is to get child object ACL recursively
# "Power Users" is user/group

Be prepared if you use the -Recurse option ($true): you may want to redirect the results to a file.

#################################################################
#
# File: Check-AccessRights.ps1
# Author: Tony (http://MSHForFun.blogspot.com/)
# Parameters:
#   $Path: PowerShell Path (for example, c:\ or HKLM:\)
#   $Recurse: Check child object recursively
#   $Account: User name / Group (for example, "domain\alice",
#             "Power Users")
#
################################################################
param([string] $Path = $(throw "Please specify a path"), [bool] $Recurse = $false, [string] $Account)

if (-not (Test-Path $Path))
{
    $Path + " not exists!"
    return
}

if ([string]::IsNullOrEmpty($Account))
{
    # No account given: use the owner SID of the current process token
    $SID = ([System.Security.Principal.WindowsIdentity]::GetCurrent()).Owner
}
else
{
    # Resolve the user or group name to its SID
    $SID = (New-Object System.Security.Principal.NTAccount($Account)).Translate([System.Security.Principal.SecurityIdentifier])
    if ($SID -eq $null) {return}
}

"Account: " + $SID.ToString()
"Path: " + $Path

# Access rules on the path itself
$AccessRules = (Get-Acl $Path).Access
if ($AccessRules -eq $null)
{
    "Can't get access rules!"
    return
}

# Print only the rules whose identity is exactly the requested SID
$AccessRules | ForEach-Object {
    $CurrentSID = $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])
    if ($CurrentSID.ToString() -eq $SID.ToString())
    {
        $_
    }
}

if ($Recurse)
{
    Get-ChildItem $Path -Recurse | ForEach-Object {
        "========================================"
        "Child Path: " + $_.ToString()
        # Read the ACL of the child object, not of the parent $Path
        $AccessRules = (Get-Acl $_.PSPath).Access
        if ($AccessRules -eq $null)
        {
            "Can't get access rules!"
            return   # skips this child only; the pipeline continues
        }
        $AccessRules | ForEach-Object {
            $CurrentSID = $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])
            if ($CurrentSID.ToString() -eq $SID.ToString())
            {
                $_
            }
        }
    }
}
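
The script above matches only ACEs whose SID is exactly the account's own SID, and it prints every right, read-only ones included. The following is an added example, not part of the original post: it also matches the groups in the current user's token and keeps only Allow entries that permit changes, which is the subset to review when tightening ACLs under Services. `Get-WritableKeyAce` is a hypothetical name, registry paths only, and PowerShell 2.0 or later is assumed.

```powershell
# Added example, not part of the original script. Get-WritableKeyAce is a
# hypothetical name; it reports Allow ACEs only and does not evaluate Deny ACEs.
function Get-WritableKeyAce {
    param(
        [string] $Path = $(throw "Please specify a registry path"),
        [string] $Account
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    if ([string]::IsNullOrEmpty($Account)) {
        # Current user: the user SID plus every group SID in the token
        $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
        $sids = @($id.User.Value) + @($id.Groups | ForEach-Object { $_.Value })
    }
    else {
        # Named account: exact SID only, group membership is not expanded
        $nt = New-Object System.Security.Principal.NTAccount($Account)
        $sids = @($nt.Translate($sidType).Value)
    }
    # Rights that let the holder change a key, its values or its ACL,
    # plus the GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits
    $write = [System.Security.AccessControl.RegistryRights] 'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
    $mask = [int] $write -bor 0x50000000

    $keys = @(Get-Item $Path) + @(Get-ChildItem $Path -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        $acl = Get-Acl $key.PSPath -ErrorAction SilentlyContinue
        if ($acl -eq $null) { continue }   # ACL of this key could not be read
        # Ask for SIDs directly so unresolvable accounts do not throw
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($sids -notcontains $ace.IdentityReference.Value) { continue }
            if (([int] $ace.RegistryRights -band $mask) -eq 0) { continue }
            New-Object PSObject -Property @{
                Key       = $key.Name
                Sid       = $ace.IdentityReference.Value
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Example: keys under Services that "Power Users" can modify
Get-WritableKeyAce 'HKLM:\SYSTEM\CurrentControlSet\Services' 'Power Users' |
    Format-Table Key, Rights, Inherited -AutoSize
```
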
Have Fun
Tags: msh monad PowerShell